android_device_asus_flo

Piteball/android_device_asus_flo

Fork 0

mirror of https://github.com/followmsi/android_device_asus_flo.git synced 2024-09-21 02:58:05 +00:00

Commit graph

Author	SHA1	Message	Date
Jeff Vander Stoep	165b4ae091	Enforce ioctl command whitelisting on all sockets Remove the ioctl permission for most socket types. For others, such as tcp/udp/rawip/unix_dgram/unix_stream set a default unprivileged whitelist that individual domains may extend (except where neverallowed like untrusted_app). Enforce via a neverallowxperm rule. Change-Id: I7573fdb24f9c53ad169bce2aeab1baac8b2a11ea	2017-09-20 20:56:43 +00:00
Robert Craig	ba571057fa	Move SELinux diag_device policy to userdebug/eng. Also just remove all specific domain access and instead allow diag_device access for all domains on the userdebug/user builds. Change-Id: I2dc79eb47e05290902af2dfd61a361336ebc8bca Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>	2014-02-20 20:20:53 -05:00
Robert Craig	62d77eeceb	Address SELinux denials with rild. Allow r/w access to /dev/diag on userdebug/eng builds. avc: denied { read write } for pid=204 comm="rild" name="diag" dev="tmpfs" ino=8404 scontext=u:r:rild:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file avc: denied { open } for pid=204 comm="rild" name="diag" dev="tmpfs" ino=8404 scontext=u:r:rild:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file Grant radio sockets access to rild. avc: denied { write } for pid=323 comm="rild" name="qmux_radio" dev="tmpfs" ino=1053 scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=dir avc: denied { write } for pid=323 comm="rild" name="qmux_connect_socket" dev="tmpfs" ino=1309 scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file avc: denied { connectto } for pid=323 comm="rild" path="/dev/socket/qmux_radio/qmux_connect_socket" scontext=u:r:rild:s0 tcontext=u:r:qmux:s0 tclass=unix_stream_socket Change-Id: I89f7531fb006bfcae9f97b979fba61f3ed6badde Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>	2014-02-20 19:52:09 -05:00

Author

SHA1

Message

Date

Jeff Vander Stoep

165b4ae091

Enforce ioctl command whitelisting on all sockets

Remove the ioctl permission for most socket types. For others, such as
tcp/udp/rawip/unix_dgram/unix_stream set a default unprivileged whitelist
that individual domains may extend (except where neverallowed like
untrusted_app). Enforce via a neverallowxperm rule.

Change-Id: I7573fdb24f9c53ad169bce2aeab1baac8b2a11ea

2017-09-20 20:56:43 +00:00

Robert Craig

ba571057fa

Move SELinux diag_device policy to userdebug/eng.

Also just remove all specific domain access and instead
allow diag_device access for all domains on the
userdebug/user builds.

Change-Id: I2dc79eb47e05290902af2dfd61a361336ebc8bca
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

2014-02-20 20:20:53 -05:00

Robert Craig

62d77eeceb

Address SELinux denials with rild.

Allow r/w access to /dev/diag on userdebug/eng builds.
  avc:  denied  { read write } for  pid=204 comm="rild" name="diag" dev="tmpfs" ino=8404 scontext=u:r:rild:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file
  avc:  denied  { open } for  pid=204 comm="rild" name="diag" dev="tmpfs" ino=8404 scontext=u:r:rild:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file

Grant radio sockets access to rild.
  avc:  denied  { write } for  pid=323 comm="rild" name="qmux_radio" dev="tmpfs" ino=1053 scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=dir
  avc:  denied  { write } for  pid=323 comm="rild" name="qmux_connect_socket" dev="tmpfs" ino=1309 scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file
  avc:  denied  { connectto } for  pid=323 comm="rild" path="/dev/socket/qmux_radio/qmux_connect_socket" scontext=u:r:rild:s0 tcontext=u:r:qmux:s0 tclass=unix_stream_socket

Change-Id: I89f7531fb006bfcae9f97b979fba61f3ed6badde
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

2014-02-20 19:52:09 -05:00

3 commits